Podcasts about Siem

Guest: Raffael Marty, Operating Advisor, a SIEM legend since 1999 Topics: You argue that declaring existing SIEM being obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point and the actual gap in traditional SIEMs as opposed to the more sensational claims? You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one? You call the rise of independent security data pipelines the "SIEM Trojan Horse." How quickly is this abstraction layer turning SIEM into a "swappable" component, and what should SIEM vendors have done differently years ago to prevent this market from existing? This "AI SOC" thing, is this even real? Is AI in a SOC a better label? Do you think major SIEM vendors will own this very soon, like they did with UEBA and SOAR? If volume-based pricing is flawed because it penalizes good security hygiene, what is a better SIEM pricing model that fairly addresses compute, enrichment, and retention costs without just shifting the volume cost to unpredictable query charges? You question the idea that startups can find a better way to release detection rules than large vendors with significant content teams. What metrics should security leaders use to evaluate the quality of a vendor's detection engineering (DE) output beyond just coverage numbers? Can AI fix DE?   Resources: Video version The SIEM Maturity Framework: A Practical Scoring Tool for Security Analytics Platforms and raffy.ch/SIEM/ The Gaps That Created the New Wave of SIEM and AI SOC Vendors How AI Impacts the Cyber Market and The Future of SIEM Why Venture Capital Is Betting Against Traditional SIEMs EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future Decoupled SIEM: Brilliant or Stupid? Decoupled SIEM: Where I Think We Are Now?

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest. Plus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Alan Lucas always wanted to be an architect or a firefighter — as CISO of Worldstream and Greenhouse Datacenters, he has become both. In this episode, he joins host Steve Moore to explore leading cybersecurity at the intersection of design and crisis response.Alan traces his path from Fox-IT through a Dutch cryptocurrency exchange where he arrived post-breach to an organization under near-constant attack from nation-state threat actors. Leading a technically sophisticated but security-anxious leadership team, he learned the lasting power of transparency and directness — and his most memorable measure of success was not a technical control, but a CTO who finally slept through the night.The conversation goes deep into crisis communication. Alan and Steve discuss how the industry has matured from reflexive silence around breaches to embracing transparency as a trust-building tool, the danger of well-meaning legal edits that send customers chasing the wrong narrative, and why the CISO should hold final review over all public incident communications. He also shares his Security Champions Program, tabletop exercise design, and why knowing who to call in a crisis must be mapped out before that crisis arrives.Alan also covers his volunteer work with the DIVD, coaching ethical hackers and supporting responsible disclosure worldwide — an extension of his belief that security, done well, creates trust and enables growth for everyone.The episode closes on "bouncing forward" — the idea that true resilience means using every incident as a forcing function for improvement, not just a return to baseline. Alan frames lessons learned as the most important resilience KPI a security team can own. A masterclass in leading through both calm and chaos. Key Topics• The architect-and-firefighter mindset: building security programs while fighting live fires• Alan's career path from Fox-IT (MSSP) to post-breach CISO at a cryptocurrency exchange• Leading security post-breach — and what "sleeping well again" actually means• The unique threat landscape facing cryptocurrency companies, including nation-state adversaries• The Dutch Institute for Vulnerability Disclosure (DIVD): coordinated, ethical vulnerability disclosure worldwide• Mentoring young ethical hackers: communication, confidence, and responsible disclosure process• Crisis communication: balancing transparency with operational security during active incidents• Why legal edits to breach notifications can mislead customers and create dangerous distractions• The CISO's role as final reviewer of all incident communications• Security Champions Programs: bridging the gap between security and non-technical departments• Tabletop exercise design: running effective simulations in under an hour with non-technical staff• Writing the breach notification letter before the breach happens• Bouncing forward, not bouncing back: using lessons learned as a resilience KPI• Security as a business enabler: positioning the CISO role for organizational growth and confidenceGuest BioAlan Lucas is CISO at Worldstream and Greenhouse Datacenters, two of the Netherlands' leading cloud and data center infrastructure providers. With over a decade of cybersecurity experience, he leads security strategy for mission-critical IT and cloud environments. Prior roles include Fox-IT (MSSP) and LiteBit, a Dutch cryptocurrency exchange where he served as CISO post-breach. Alan also volunteers as a coach at the Dutch Institute for Vulnerability Disclosure (DIVD), mentoring ethical hackers and supporting responsible disclosure globally. He is passionate about security as a catalyst for innovation — and about building a safer digital society, one step at a time.LEARN MORE:

NSA and Cyber Command head confirmed Russians targeting encrypted messaging app users OpenAI rolls out vulnerability scanner Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-march-11-2026/ Huge thanks to our sponsor, Dropzone AI Remember yesterday's 3 AM threat intel? Here is how it plays out with Dropzone AI.   The intelligence drops. Dropzone picks it up, turns it into a threat hunt, and runs it across your SIEM, EDR, and cloud data while your team sleeps. By morning, your analysts have answers, not a backlog.   That is the AI Threat Hunter, the newest agent on the team, debuting at RSAC. Booth 455, South Expo Hall. dropzone.ai/rsa-2026-ai-diner  

De bekerfinalisten zijn bekend, er dreigt een degradatieplek voor Tottenham Hotspur en net geen remontada voor FC Barcelona. Kortom: er gebeurt van alles in het voetballandschap. En dus is #DoneDeal er ook weer met een kakelverse aflevering. Want er treden veranderingen op bij Ajax, dat Siem de Jong en Daniël de Ridder opneemt in het technisch management. Feyenoord heeft nog altijd geen technisch directeur en PSV moet een lastige knoop doorhakken. Check nu de nieuwste aflevering van #DoneDeal!See omnystudio.com/listener for privacy information.

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.

⬥EPISODE NOTES⬥ The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived. Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that did not exist a few years ago -- built from the ground up to replace the work of tier-one, tier-two, and tier-three analysts. Some of these vendors launched in January 2024 and reached $1 million in ARR by April. By the end of 2025, several were reporting $3 million ARR. These are not incremental improvements. They represent a structural shift in how security operations can be run. What makes this generation of SOC automation different from earlier SIEM and SOAR tooling is scope and autonomy. The value proposition is blunt: 100% alert triage, 24 hours a day, 7 days a week -- with automated case building, threat investigation, and response actions including machine isolation and reimaging. Stiennon points to a CISO he met, speaking under Chatham House rules, who disclosed that a large enterprise had already eliminated its entire human SOC team. He predicts that disclosure will go public before long. The conversation also explores the business context question that security leaders frequently wrestle with: are these AI-driven SOC tools operating with a narrow cyber mandate, potentially optimizing for security metrics at the expense of business continuity? Stiennon pushes back on that concern, arguing that large language models are already trained on the full breadth of human knowledge -- they understand business context at a level that exceeds most organizations' internal documentation. The more pressing risk, he suggests, is not that AI will act outside business intent, but that organizations will move too slowly to benefit. Waiting six months for a proof-of-concept report while spending a million dollars on human SOC operations is not due diligence -- it is opportunity cost. The conversation also touches on data privacy in AI-driven security, the role of federated learning and fully homomorphic encryption for compliance-sensitive environments, and what security leaders can do today to evaluate and accelerate their own adoption timeline. Stiennon will be at RSA Conference 2026 with his new book, Guardians of the Machine Age: Why AI Security Will Define Digital Defense, continuing to make the case for a field that is moving faster than most organizations are prepared to acknowledge. ⬥GUEST⬥ Richard Stiennon, Chief Research Analyst at IT-Harvest | Website: https://it-harvest.com/ On LinkedIn: https://www.linkedin.com/in/stiennon/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ IT-Harvest | https://it-harvest.com/ Richard Stiennon on LinkedIn | https://www.linkedin.com/in/stiennon/ Guardians of the Machine Age: Why AI Security Will Define Digital Defense (Richard Stiennon) | Available via IT-Harvest and major booksellers RSAC Conference 2026 Coverage on ITSPmagazine | https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ On Podcast: https://www.seanmartin.com/redefining-cybersecurity-podcast On YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Newsletter: https://itspm.ag/future-of-cybersecurity Contact Sean: https://www.seanmartin.com/ ⬥KEYWORDS⬥ richard stiennon, it-harvest, sean martin, soc automation, ai security, security operations center, threat detection, autonomous response, alert triage, security operations, cybersecurity vendors, ai agents, large language models, federated learning, siem, soar, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥EPISODE NOTES⬥ The security operations center has always been a battleground of volume, velocity, and human endurance. Analysts have long faced the impossible math of too many alerts, too few hours, and too much at stake. For years, the industry promised automation would change that equation -- but the technology was never quite ready to deliver. That moment, according to Richard Stiennon, has now arrived. Stiennon, Chief Research Analyst at IT-Harvest, has spent two decades tracking every corner of the cybersecurity vendor landscape. His data now shows more than 61 net-new SOC automation vendors -- companies that did not exist a few years ago -- built from the ground up to replace the work of tier-one, tier-two, and tier-three analysts. Some of these vendors launched in January 2024 and reached $1 million in ARR by April. By the end of 2025, several were reporting $3 million ARR. These are not incremental improvements. They represent a structural shift in how security operations can be run. What makes this generation of SOC automation different from earlier SIEM and SOAR tooling is scope and autonomy. The value proposition is blunt: 100% alert triage, 24 hours a day, 7 days a week -- with automated case building, threat investigation, and response actions including machine isolation and reimaging. Stiennon points to a CISO he met, speaking under Chatham House rules, who disclosed that a large enterprise had already eliminated its entire human SOC team. He predicts that disclosure will go public before long. The conversation also explores the business context question that security leaders frequently wrestle with: are these AI-driven SOC tools operating with a narrow cyber mandate, potentially optimizing for security metrics at the expense of business continuity? Stiennon pushes back on that concern, arguing that large language models are already trained on the full breadth of human knowledge -- they understand business context at a level that exceeds most organizations' internal documentation. The more pressing risk, he suggests, is not that AI will act outside business intent, but that organizations will move too slowly to benefit. Waiting six months for a proof-of-concept report while spending a million dollars on human SOC operations is not due diligence -- it is opportunity cost. The conversation also touches on data privacy in AI-driven security, the role of federated learning and fully homomorphic encryption for compliance-sensitive environments, and what security leaders can do today to evaluate and accelerate their own adoption timeline. Stiennon will be at RSA Conference 2026 with his new book, Guardians of the Machine Age: Why AI Security Will Define Digital Defense, continuing to make the case for a field that is moving faster than most organizations are prepared to acknowledge. ⬥GUEST⬥ Richard Stiennon, Chief Research Analyst at IT-Harvest | Website: https://it-harvest.com/ On LinkedIn: https://www.linkedin.com/in/stiennon/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ IT-Harvest | https://it-harvest.com/ Richard Stiennon on LinkedIn | https://www.linkedin.com/in/stiennon/ Guardians of the Machine Age: Why AI Security Will Define Digital Defense (Richard Stiennon) | Available via IT-Harvest and major booksellers RSAC Conference 2026 Coverage on ITSPmagazine | https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ On Podcast: https://www.seanmartin.com/redefining-cybersecurity-podcast On YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq Newsletter: https://itspm.ag/future-of-cybersecurity Contact Sean: https://www.seanmartin.com/ ⬥KEYWORDS⬥ richard stiennon, it-harvest, sean martin, soc automation, ai security, security operations center, threat detection, autonomous response, alert triage, security operations, cybersecurity vendors, ai agents, large language models, federated learning, siem, soar, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

If your business was hacked today, would you know? Most companies discover cyber breaches 7 months after attackers infiltrate their networks. That's 207 days of undetected network intrusion, data theft, and security compromise.In this cybersecurity information episode, Darnley's reveals why silent data breaches happen, personal experience, how hackers remain undetected in business networks, and what signs indicate your company may already be compromised.Learn about:Average breach detection time and why dwell time matters for business securityHow cybercriminals use stealth tactics to evade network security toolsReal-world data breach examples: Target, Equifax, and Marriott hotel breach casesWarning signs of network compromise most IT security teams missThreat detection strategies to identify cyber attacks before massive data lossIncident response planning and cybersecurity monitoring best practicesDiscover how to detect network intrusions faster, reduce breach dwell time, and protect your business from silent cyber attacks. Whether you're a small business owner, IT professional, or security manager, this episode provides actionable cybersecurity advice.The silent breach is only silent if you're not listening. Learn how to protect your business network today.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

I X-Files-afsnittet skal vi ned i Bostons undergrund med Agent Doggett, der har Scully i hans øre hele vejen. Noget mystisk foregår dernede - og de slår folk ihjel. Skuespiller Sidsel Seim Koch gæster os til en snak om X-Files-afsnittet, der har så meget potenitale.... men måske ikke formår at leve helt op til det.  0:00:00 - Intro  0:10:05 - Trivia 0:17:50 - Gennemgang 1:33:16 - RawDoggett 1:35:26 - Vurdering

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Huntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale. The conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.

Christel Rouzaud est l'invitée du 231ème épisode du podcast C'est quoi le bonheur pour vous?

EDRだけでは追いつかない――攻撃はアイデンティティやクラウド、ネットワークを横断する“クロスドメイン”へと進化している。分断された監視体制のままで本当に守り切れるのか。クラウドストライクが提唱するNext-Gen SIEMと生成AI活用、MDRによる統合運用の実践手法から、AIネイティブ時代に求められる新たなセキュリティ戦略の全貌に迫る。

Send a textStop guessing which software to trust. We break down a clear, repeatable path to evaluate commercial off-the-shelf tools, open source projects, custom third‑party builds, and cloud services so you can pass CISSP Domain 8.4 with confidence and protect your environment in the real world. We start with exam-winning tactics—how to slow down, read for intent, and think like a manager—then move into concrete practices that tame software risk without stalling delivery.You'll hear how to interrogate vendor claims, separate real certifications from marketing fluff, and judge patch cadences and incident response maturity. We dig into open source realities: vetting contributors, scanning dependencies against the NVD, building and maintaining an SBOM, and avoiding abandoned projects that explode under pressure. For third-party development, we outline what strong contracts look like—SLAs with teeth, security clauses, indemnity—and the proof you should see: code audits, SAST/DAST, penetration tests, and meaningful logging around integrations.Cloud isn't a shortcut; it's a shift in responsibility. We map the questions that matter for SaaS, IaaS, and PaaS: data protection, tenant isolation, hypervisor hardening, API security, and event visibility into your SIEM. Then we stitch it all into an evaluation workflow you can run every time: functional fit, vendor validation, layered security assessment, compliance and licensing review, sandbox integration testing, and a deployment plan that defines fix‑forward and rollback before anything hits production. Wrap it with monitoring, periodic reassessment, and documentation that procurement, IT, and security can actually use, and you've built a trustworthy software supply chain.If this helped you think sharper about software risk and the CISSP exam, subscribe, share it with a teammate, and leave a quick review telling us your top vendor vetting question. Your feedback shapes future episodes.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Título del Episodio: Cyberseguridad y el Escudo de la Inteligencia Artificial: Aplicaciones RealesDescripción:¿Sabías que las empresas más seguras del mundo detienen miles de ataques por segundo gracias a la inteligencia artificial? En este episodio de [Nombre del Podcast], exploramos cómo la IA se ha convertido en el escudo definitivo contra las amenazas cibernéticas modernas.Desglosamos el tema en cuatro bloques clave:Los cimientos: El rol del Big Data y sus famosas "3 V" (Velocidad, Variedad y Veracidad) como combustible esencial. Descubre herramientas fundamentales como SIEM (con ejemplos de Splunk integrado en plataformas Cisco), EDR para endpoints y SOAR para orquestar respuestas automáticas sin intervención humana constante.El motor de la IA: Profundizamos en la taxonomía: del aprendizaje supervisado (con algoritmos como Random Forest y SVM para clasificar malware conocido) al poderoso aprendizaje no supervisado, que detecta lo desconocido mediante técnicas como K-means, Isolation Forest y UEBA (Análisis de Comportamiento de Usuarios y Entidades).Aplicaciones reales: Cómo la IA protege infraestructuras críticas (energía, agua, transporte) en Sistemas de Control Industrial (ICS), identifica amenazas de día cero, detecta anomalías en tiempo real y actúa como sistema de alerta temprana contra tácticas evasivas que aún no están documentadas.Los peligros ocultos: No todo es perfecto. Cuando la IA se convierte en el objetivo principal, surgen riesgos como ataques adversariales, envenenamiento de datos y manipulación de modelos que pueden engañar incluso a los sistemas más avanzados.Una explicación clara, bloque por bloque, bits a bits, para entender por qué la inteligencia artificial ya no es el futuro de la ciberseguridad... ¡es el presente!Presentado por Mario Meraz.¡No te lo pierdas si quieres estar un paso adelante de los ciberdelincuentes!Duración aproximada: [insertar duración si la tienes]Suscríbete para más episodios sobre tecnología, seguridad y tendencias digitales.#Ciberseguridad #InteligenciaArtificial #BigData #Ciberataques #AprendizajeAutomático #SeguridadInformática

Siem de Jong, Jan Vertonghen, Demy de Zeeuw en Maarten Stekelenburg halen herinneringen op aan het seizoen 2010/2011. Siem heeft wat mooie beelden uitgezocht, waar ze samen naar kijken.Deze aflevering is mede mogelijk gemaakt door Heineken. Wil je meedoen met de Cruyff Legacy 14K 2026 op zondag 12 april? Ga naar 14krun.nl voor alle info

Most organizations are drowning in data they can't process fast enough — leaving critical security gaps that adversaries exploit. Michael Cucchi, Chief Marketing Officer at Hydraulics, reveals how a groundbreaking new data architecture is transforming real-time security analytics, slashing processing costs by up to 40X while capturing every byte of telemetry across global networks.In this episode, you'll discover why traditional Security Information and Event Management (SIEM) systems are no longer sufficient for today's threat landscape. Michael breaks down the limitations of legacy data storage, ingestion bottlenecks, and costly rehydration issues that leave security teams blind during breaches. He shares how leading companies are adopting a new security data fabric designed for hyper-scalability, instant analysis, and unprecedented data retention — all at a fraction of the cost.We break down:The evolution and modern challenges of the SIM market, including why outdated architectures struggle with today's data volumes.How security analytics are rapidly moving toward real-time, agentic automation driven by AI and large-scale data fabrics.The critical importance of low-latency querying, cost-effective storage, and flexible architectures that enable security teams to operate at machine speed.Why the next wave of security operations will depend on maintaining and rehydrating vast, granular data stores without breaking the bank.How innovative companies like Hydraulics are building the emerging data fabric that will underpin zero-trust, AI-driven security in the years ahead.This episode is essential listening for security professionals, CTOs, and data architects eager to stay ahead of the exponential growth in security signals, threats, and complexity. Miss out on these insights, and your organization risks falling behind—armed only with legacy systems that can't keep up. A smarter, faster, cheaper future for security analytics is here.Plus, Michael shares exclusive research coming to RSA — including advances in AI-driven bots and zero trust frameworks. Whether you're defending enterprise assets or building next-generation SOCs, this conversation is your gateway to the future of security data management.Timestamps: 00:00 – Introduction and episode overview02:24 – Michael's background and experience in data science and security04:52 – How infrastructure and SIEM technologies have evolved over the past decade08:15 – Limitations of current SIEM architectures and data retention challenges12:10 – Hydraulics' approach to scalable, cost-effective security data platforms15:24 – The importance of real-time analytics in security operations17:00 – AI and automation in breach detection and incident response19:34 – Scaling security telemetry across global networks and CDN signals22:10 – The object-oriented storage analogy in security data management25:05 – Crossing the chasm: from traditional SIEM to real-time data fabric28:13 – Future of AI in security automation and the next decade in security tech31:01 – Final insights and how to connect with HydraulicsResources & Links:https://hydrolix.ioAWS Object StorageUnderstanding Data Fabrics in Security (hypothetical link)

In this episode of the Shift AI Podcast, Scott Roberts, CISO at UiPath, joins host Boaz Ashkenazy for a deep dive into how agentic AI is reshaping enterprise security and automation—both for customers and inside UiPath itself.Scott shares his 25-year security journey spanning Microsoft's early Security Response Center days (including the era that produced Patch Tuesday and the Security Development Lifecycle), product security work across Windows and Xbox, time at AWS, and leadership roles at Google where he helped build the Android Security Assurance and Pixel Security teams and the Android Monthly Security Update process. He also discusses his work in security standards across IPsec, HTML5 encrypted media, GSMA device security, and most recently, contributions to emerging agentic AI security standards.The conversation then explores UiPath's evolution from traditional RPA into a unified platform that combines deterministic automation with agentic workflows. Scott walks through a real-world healthcare billing example where agentic automation increased deduplication accuracy dramatically by handling complex, variable inputs that classic RPA struggled with—while still keeping humans in the loop and feeding outcomes back into the system to improve over time.Boaz and Scott go deep on what's changed for CISOs in the post-LLM world: the need for guardrails, identity and entitlements for AI agents, and the challenge of end users copying sensitive information into consumer AI tools. Scott explains UiPath's approach: enable adoption while using nudges and policy controls to redirect sensitive workflows into enterprise-safe environments rather than relying solely on blocks.The episode closes with an eye-opening look at UiPath's internal “agentic threat analyst” system—an orchestration of 60+ agents that can investigate SIEM alerts end-to-end, generate structured incident writeups, and compress hours of analyst work into roughly a minute and a half. Scott's future-looking takeaway: as AI models evolve beyond “read-only” into potentially “read-write” systems that can update their foundational knowledge, the acceleration could be truly mind-blowing.This episode is essential listening for security leaders, enterprise operators, and automation teams trying to understand how agentic systems change not just productivity, but the entire security operating model.Chapters[00:01] Scott's Security Journey: Microsoft, Google, Coinbase, UiPath[01:33] Security Standards Work: From IPsec to Agentic AI Standards[04:08] What UiPath Does: Process Orchestration, RPA, and Enterprise Automation[06:28] RPA vs Agentic Automation: A Healthcare Billing Deduplication Example[09:17] The Agentic Stack: Canvas, Guardrails, and the AI Trust Layer[10:31] How LLMs Change Security: Data Controls, Access, and Governance[12:14] Internal Adoption at UiPath: AI Tooling by Persona (Legal, Finance, Engineering)[13:13] Code Velocity and Security: Agents Generating Code, Agents Verifying It[15:53] Two AI Security Worlds: Orchestration Platforms vs End-User Chat Interfaces[17:11] Securing End Users: Enterprise LLMs, Nudges, and Browser-Based Controls[19:07] Sovereign AI and Data Boundaries: Keeping Data in the Right Region[21:00] Over-Permissioning Meets Agents: Why AI Makes Old Problems Obvious Fast[22:21] The Next Wave: AI Transforming the Entire SDLC End-to-End[24:53] Security Pitfalls in Agentic SDLC: Misaligned Incentives and Permissions[26:02] UiPath's Agentic Threat Analyst: 60+ Agents, SIEM to Writeup Automation[30:07] What Changes for Humans: Faster “Time to Truth” and Higher-Leverage Work[32:09] Two-Word Future: “Mind Blowing” and Read/Write ModelsConnect with Scott RobertsLinkedIn: https://www.linkedin.com/in/scottroberts6/Connect with Boaz AshkenazyLinkedIn: https://www.linkedin.com/in/boazashkenazy/Email: info@shiftai.fm

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 86: We dig into GitLab's explosive look at North Korea's “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent. Plus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple's shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Guest: Daniel Lyman, VP of Threat Detection and Response, Fiserv Topics: What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground? How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact? What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice? Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt? How do you expect AI to change the calculus around data centralization versus data federation? What is your favorite example of telemetry that is useful, but usually excluded from a SIEM? What are the Detection and Response organizational metrics that you think are most valuable? Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database? Resources: Video version "In My Time of Dying" book EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog

Ce mois-ci, Radio Campus Angers ouvre ses micros à des personnes migrantes qui apprennent le français avec le Gref (Groupement des éducateurs sans frontières) à Angers. Elles viennent du Soudan, de Guinée, du Tibet, d'Afghanistan, de Géorgie, d'Arménie, d'Erythrée ou encore d'Angola. Pour leur première émission, elles ont choisi de parler de leurs espoirs. Au programme : un microtrottoir où les salarié·es de la Maison pour tous (MPT) de Monplaisir confient leurs espoirs pour 2026 les témoignages de Sagda et Mazahir sur leur espoir d’apprendre le français, suivis d’interviews d’élèves du Gref le sport, une source d’espoir pour Siem et Marie une interview de Coxe, infirmier, par Mariame, dont l’espoir est de devenir aide-soignante Babikar et Arman nous parlent de respect Omir évoque son espoir d’être en bonne santé les espoirs de paix de Mohamed et Sabad, suivi d’un microtrottoir réalisé à la MPT Kamal revient sur l’histoire de son pays, le Soudan les rêves de Manahil, Moussa, Marie, Dechen, Mustapha et Mohamed un rap en arabe interprété par Youssof Merci à Ghislaine et Michelle, bénévoles au Gref, qui ont accompagné le groupe dans la préparation de cette émission. Merci aussi à Kwal, slameur angevin qui a mené des ateliers d’écriture avec les participant·es, dont sont issus les textes interprétés dans cette émission, accompagnés au piano par Tony. Un projet financé par la Direction des affaires culturelles (Drac) des Pays de la Loire.

Parce que… c'est l'épisode 0x701! Shameless plug 25 et 26 février 2026 - SéQCure 2026 CfP 31 mars au 2 avril 2026 - Forum INCYBER - Europe 2026 14 au 17 avril 2026 - Botconf 2026 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal Description Les initiatives du gouvernement du Québec en cybersécurité Dans cet épisode du podcast, je reçois Yvan Fournier, chef gouvernemental de la sécurité de l'information du gouvernement du Québec, qui occupe le poste de sous-ministre adjoint. Cette conversation révèle l'ampleur des transformations en cours au sein de l'appareil gouvernemental québécois en matière de cybersécurité. Un parcours technique impressionnant Yvan Fournier possède un parcours professionnel remarquable de 29 ans dans le réseau de la santé, où il a occupé pratiquement tous les postes possibles, du technicien jusqu'au directeur général de la cybersécurité. Son expertise technique est considérable : il détient 22 certifications en cybersécurité, a été le premier instructeur Novell francophone, et a même participé à des concours de hacking aux États-Unis. Cette solide expérience technique lui permet aujourd'hui d'apporter une vision pragmatique et éclairée à son rôle stratégique. Les 15 mesures obligatoires : une base solide En 2019, en collaboration avec des champions du réseau gouvernemental, l'équipe d'Yvan Fournier a établi 15 mesures obligatoires de cybersécurité, inspirées du référentiel NIST. Ces mesures incluent des éléments fondamentaux comme l'authentification multifacteur, l'application des correctifs de sécurité, et l'utilisation de systèmes d'exploitation encore supportés par les fabricants. Ces mesures constituent le socle sur lequel repose aujourd'hui la stratégie de cybersécurité gouvernementale, visant à protéger les données des citoyens et assurer la continuité des services publics. Une surveillance centralisée 24/7/365 L'un des projets phares actuels est la mise en place d'un service de surveillance centralisé fonctionnant 24 heures sur 24, 7 jours sur 7, 365 jours par année, basé sur l'intelligence artificielle. Historiquement, chaque organisme public devait assurer sa propre surveillance, ce qui créait des disparités importantes selon les ressources disponibles. Les petits organismes ne pouvaient pas se permettre d'avoir du personnel de garde en permanence. Le nouveau système centralise les données provenant de multiples sources : les EDR (antivirus avancés), les balayages de vulnérabilités externes et internes, les PDNS (pour surveiller les employés en télétravail), et les vérifications des Active Directory. Toutes ces informations convergent vers des SIEM et SOAR locaux, basés sur l'IA, permettant une vue d'ensemble complète de l'état de sécurité du gouvernement. Le gouvernement collabore également avec des firmes privées pour assurer cette surveillance continue. Fait intéressant, le coût de ce service est environ deux fois moins élevé que ce que paient certaines organisations privées, tout en offrant un niveau de service supérieur. Le regroupement RHI : une révolution organisationnelle Un changement majeur qui n'a pas reçu l'attention médiatique qu'il mérite est le regroupement RHI, qui intègre la cybersécurité de 52 organismes publics (ministères et organismes) directement au sein du MCN (Ministère de la Cybersécurité et du Numérique). Cette centralisation, qui prendra effet à partir du 1er avril, permettra d'harmoniser les choix technologiques et stratégiques dans tout l'appareil gouvernemental. Comme le souligne Fournier, ce n'est pas parce qu'un organisme est petit qu'il doit avoir une sécurité moins robuste, car tous les systèmes sont interconnectés et une vulnérabilité dans un petit organisme peut compromettre l'ensemble. L'automatisation et la réactivité L'un des enjeux majeurs identifiés par Fournier est la vitesse à laquelle les attaques se produisent désormais. Avec l'arrivée de l'intelligence artificielle, le nombre d'attaques a augmenté drastiquement, et le temps entre la découverte d'une vulnérabilité zero-day et son exploitation est passé de plusieurs jours ou semaines à environ quatre heures. Cette réalité impose une automatisation des réponses. Le nouveau système permettra non seulement de détecter les menaces en temps réel, mais aussi d'automatiser les réactions : bloquer automatiquement les serveurs compromis, déployer centralement les indicateurs de compromission (IOC) sur tous les pare-feu du gouvernement, et même arrêter préventivement les services à risque. L'exemple de la vulnérabilité SharePoint illustre bien cette capacité : le Québec a agi rapidement en fermant les systèmes vulnérables, alors qu'une autre province a subi le piratage de 900 serveurs SharePoint. Reconnaissance internationale et création de CVE Un accomplissement remarquable est que le Québec (et non le Canada) fait maintenant partie des 20 organisations mondiales autorisées à créer des CVE (Common Vulnerabilities and Exposures), aux côtés du Luxembourg. Cette reconnaissance témoigne de l'excellence des équipes de pentesting québécoises, qui découvrent régulièrement des vulnérabilités, parfois avec l'aide de pentesteurs virtuels basés sur l'IA. Le balayage de vulnérabilités : externe et interne Le balayage externe des vulnérabilités, déployé massivement pendant le confinement, permet déjà une visibilité complète sur la surface d'attaque visible depuis Internet. Le balayage interne, actuellement en cours de déploiement, apportera une dimension supplémentaire cruciale. Au-delà de l'identification des vulnérabilités, ces outils permettront de créer un inventaire automatisé et centralisé de tous les équipements, logiciels, et même des microcodes des contrôleurs de stockage et des BIOS. Cet inventaire facilitera grandement la gestion des risques : lorsqu'une nouvelle vulnérabilité est annoncée, il sera possible de cibler immédiatement les organismes concernés plutôt que d'alerter tout le monde. De plus, cet inventaire donnera une vision claire de la dette technique et permettra de prioriser les investissements en fonction des risques réels. Le défi des objets connectés Fournier identifie les objets connectés (IoT) comme un défi majeur pour l'avenir. Ces dispositifs, de plus en plus présents dans l'environnement gouvernemental (santé, transport, construction), posent des problèmes de sécurité particuliers. La majorité des microcodes sont produits par cinq grandes compagnies chinoises, et ces objets peuvent contenir des fonctionnalités insoupçonnées, comme la reconnaissance faciale dans un drone à 40 dollars. L'exemple du thermomètre d'aquarium ayant servi de point d'entrée pour paralyser un casino pendant 24 heures illustre les risques associés. Pour Fournier, avoir un inventaire complet des objets connectés dans l'appareil gouvernemental représente le “Saint Graal” de la cybersécurité. Le projet de loi 82 et les infrastructures critiques Le projet de loi 82 confère pour la première fois au gouvernement du Québec une responsabilité dans la sécurité des infrastructures critiques de la société civile. Cela inclut l'eau, l'électricité, et d'autres services essentiels. Le gouvernement commence déjà à travailler avec certaines municipalités qui manifestent un vif intérêt pour cette collaboration, particulièrement importante considérant la vulnérabilité des systèmes de gestion de l'eau. Conclusion Les initiatives présentées par Yvan Fournier démontrent que le gouvernement du Québec prend la cybersécurité au sérieux et investit massivement dans la protection de ses systèmes et des données des citoyens. La centralisation des ressources, l'automatisation des réponses, la surveillance continue, et l'adoption de technologies basées sur l'IA positionnent le Québec comme un leader en matière de cybersécurité gouvernementale. Ces efforts et combinés à l'ouverture au code source, tracent la voie vers un avenir numérique plus sûr pour tous les Québécois. Collaborateurs Nicolas-Loïc Fortin Yvan Fournier Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Ryan Glynn, Staff Security Engineer at Compass, has a practical AI implementation strategy for security operations. His team built machine learning models that removed 95% of on-call burden from phishing triage by combining traditional ML techniques with LLM-powered semantic understanding. He also explores where AI agents excel versus where deterministic approaches still win, why tuning detection rules beats prompt-engineering agents, and how to build company-specific models that solve your actual security problems rather than chasing vendor promises about autonomous SOCs.Topics discussed:Language models excel at documentation and semantic understanding of log data for security analysis purposesUsing LLMs to create binary feature flags for machine learning models enables more flexible detection engineeringAgentic SOC platforms sometimes claim to analyze data they aren't actually querying accurately in practiceTuning detection rules directly proves more reliable than trying to prompt-engineer agent analysis behaviorIntent classification in email workflows helps automate triage of forwarded and reported phishing attempts effectivelyCustom ML models addressing company-specific burdens can achieve 95% reduction in analyst workload for targeted problemsAlert tagging systems with simple binary classifications enable better feedback loops for AI-assisted detection tuningContext gathering costs in security make efficiency critical when deploying AI agents across diverse data sourcesQuery language complexity across SIEM platforms creates challenges for general-purpose LLM code generation capabilitiesExplainable machine learning models remain essential for security decisions requiring human oversight and accountabilityListen to more episodes: Apple Spotify YouTubeWebsite

Es findet zwar im Schweizerischen Davos statt, ist aber letztendlich eine von den USA dominierte und kritiklose Sales-Show für Politik und Wirtschaft. Diesen Eindruck bekommt man, wenn man etwa den Schilderungen des österreichischen Investors Benjamin Ruschin folgt, der dieses Jahr am World Economic Forum für sein Unternehmen WeAreDevelopers vor Ort war. In diesem Podcast geht es um folgende Themen:

In deze zeer persoonlijke aflevering van de podcast praten Andries en Rianne over grote omwentelingen in het leven en wat je ervan kunt leren. Rianne noemt dit soort omwentelingen: authentieke levenservaringen. Andries is de afgelopen 2 maanden op reis geweest door de Himalaya en de oerwouden van Sri-Lanka. Wat deze ongelofelijk bijzondere reis hem heeft geleerd, deelt hij enthousiast met je in deze aflevering. En zoals je dit inmiddels van Andries gewend bent, komen er weer een paar prachtige zinnen voorbij, die we zo kunnen inlijsten.Rianne heeft een heel andere ervaring meegemaakt. Een maand nadat ze het koopcontract heeft getekend voor haar nieuwe huis op een historisch landgoed in Frankrijk, gaat de woning op in vlammen. Dit zou de plek moeten worden waar ze retraites wilde gaan geven voor Ontdek je Heilige Graal. Het is ook de plek waar ze al meer dan 2,5 jaar mee bezig is om het te kopen. Nu haar droom en verlangen in rook is opgegaan, vraagt het leven iets heel anders van haar en haar geliefde Siem. Wat? Je hoort het in de podcast.Ontdek je Heilige Graal heeft iets nieuws: een online-training: Hoe (her)stel ik gezonde grenzen? In deze 13-delige training ontdek je hoe jij jouw grenzen kunt herstellen als deze poreus of verhard zijn geraakt, of wanneer je niet weet hoe je grenzen kunt stellen. Wil je deelnemen aan de online-training? Kijk dan op de vertrouwde plek:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://ontdekjeheiligegraal.com/shop⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠UPDATE: DEZE HELINGSDRIEDAAGSE ZIT VOL. MAAR JE KUNT JE AL WEL OPGEVEN VOOR HET ⁠⁠⁠⁠HELINGSJAAR⁠⁠⁠⁠. Van 30 januari - 1 februari is het voorlopig de laatste kans om aan een Helingsdriedaagse mee te doen is . Het is dé boost voor je helingspad. Hier dompel je je drie dagen onder op de prachtige De Hoorneboeg om jezelf binnenstebuiten te keren, trauma aan te kijken, pijn en angst los te laten en vol inzichten en blijvende transformaties weer naar huis te gaan. Geef je nu op, want er is beperkt plek.⁠⁠⁠⁠⁠⁠⁠https://ontdekjeheiligegraal.com/product/helingsdriedaagse-30-januari-1-februari/⁠⁠⁠⁠⁠⁠⁠Wil jij binnen een jaar weer volledig leven vanuit regie? Meld je dan aan voor het Helingsjaar. Het is een jaar vol persoonlijke begeleiding, bemoedigende verhalen, nieuwe inzichten en ondersteuning bij jouw uitdagingen. Mensen die je zijn voorgegaan noemen het jaar levensveranderend. De aftrap is op 17 april met een live-dag. Kijk voor meer informatie en toegang op:⁠⁠⁠https://ontdekjeheiligegraal.com/product/ontdek-je-heilige-graal-helingsjaar-start-17-april/⁠⁠Ben je geïnteresseerd in het (e-)boek Ontdek je Heilige Graal of het bijpassende werkboek? Check dan:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://ontdekjeheiligegraal.com/shop/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Wil je als eerste op de hoogte zijn van alle events of nieuwe plannen van Ontdek je Heilige Graal? Meld je dan aan voor de nieuwsbrief: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://ontdekjeheiligegraal.com/nieuwsbrief⁠⁠⁠⁠

Spencer Siem is a New Mexico–based fly fishing guide known for his deep knowledge of Southwestern waters and his connection to the Feather Thief legacy. Blending technical precision with a reverence for fly-tying history, Spencer approaches guiding as both craft and storytelling. His work reflects a respect for tradition, a curiosity for innovation, and a quiet dedication to passing the culture of fly fishing forward. In this episode of Anchored, we learn more about his story. Looking to go deeper with your learning? Come see what we've been working on at AnchoredOutdoors.com. We've built a library of 30 in-depth, sequentially organized Masterclasses taught by past guests of this podcast — and we've watched over 1,000 members grow their confidence and skills on the water. Want to check it out for free? No money down, no strings attached. Just head to anchoredoutdoors.com/premium-insiders/ Anchored listeners can get 10% off their first order with Skwala by using the code “anchored10” at check out. See for yourself at skwalafishing.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Beschäftigte müssen im neuen Jahr mehr arbeiten als im vorigen - im Schnitt 2,4 Arbeitstage. Denn 2026 fallen mehr Feiertage auf ein Wochenende. Sollten sie nachgeholt werden wie in anderen europäischen Ländern? Von Tabea Schoser

Send us a textA neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Every vendor in exposure management now says they do CTEM. Nick Lanta's response: "You don't even know what you're talking about." This episode with Nick Lantuh (CyberProof) and Amy Chaney (Citibank) breaks down how a methodology became a meaningless marketing term and how buyers can fight back. The reality check: CTEM requires connecting vuln scanning, endpoint, SIEM, cloud, email, network—not just one of them Adding CAASM or external attack surface management doesn't make you a CTEM vendor Most organizations doing "CTEM" are actually using spreadsheets and manual threat intel fusion Why services-led beats platform-first (60x revenue growth proved it) The disingenuity problem: vendors spray the term, buyers have to unpack it Amy's evaluated these claims at the world's largest banks. Nick built the solution that actually connects the pieces. Together, they arm you with the filter.

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we dive deep into incident response, forensics, and monitoring essentials crucial for your tech exam prep. Learn the full incident response lifecycle—preparation, detection, analysis, containment, eradication, recovery, and lessons learned—to develop your IT skills and master concepts important for the CompTIA exam. We discuss how having a solid plan, defined roles, and effective communication helps IT teams maintain clarity when systems fail. Tune in for real-world examples showing how SOC analysts escalate brute force attacks, how teams preserve evidence for forensics, and how incident debriefs lead to stronger security measures like multi-factor authentication. This episode is an essential part of your CompTIA study guide and technology education journey.We then turn to digital forensics and make it concrete. Legal hold, due process, and chain of custody aren't buzzwords—they're the difference between actionable findings and inadmissible claims. We break down the order of volatility, memory and disk acquisition, hashing, and write blockers, plus the reporting and e‑discovery steps that transform artifacts into a defensible narrative. If you've ever wondered when to pull the plug or why RAM matters, this segment gives you the why and the how.Finally, we zoom out to monitoring and the tools that power modern security operations. From Windows logs and Syslog to IDS, IPS, NetFlow, and packet capture with Wireshark, we show how each source fits the puzzle. We unpack SIEM fundamentals—log aggregation, normalization, correlation, alert tuning—and share strategies to beat alert fatigue without missing true positives. To round it out, we offer certification guidance across A+, Network+, Security+, and Tech+, helping you choose the right path whether you're SOC-bound or supporting compliance from another business unit.Subscribe for more practical cybersecurity breakdowns, share this with a teammate who needs a stronger IR playbook, and leave a review with your biggest monitoring or forensics question—we may feature it next time.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we dive deep into cloud security fundamentals, perfect for those preparing for the CompTIA Security+ exam. Join our study group as we explore the shifting security landscape from locked server rooms to identity-based perimeters and data distributed across regions. This practical, Security+-ready guide connects architecture choices to real risks and concrete defenses, offering valuable IT certification tips and tech exam prep strategies. Whether you're focused on your CompTIA exam or looking to enhance your IT skills development, this episode provides essential insights to help you succeed in technology education and advance your career.We start by grounding the why: elasticity, pay-per-use costs, and resilience pushed organizations toward public, private, community, and hybrid clouds. From there, we map service models—SaaS, PaaS, IaaS, and XaaS—and the responsibilities each one assigns. You'll hear how thin clients reduce device risk, why a transit gateway can become a blast radius, and where serverless trims surface area while complicating visibility. Misunderstanding the shared responsibility model remains the leading cause of breaches, so we spell out exactly what providers secure and what you must own.Identity becomes the new perimeter, so we detail IAM guardrails: least privilege, no shared admins, MFA on every privileged account, short-lived credentials, and continuous auditing. We cover encryption in all three states with AES-256, TLS 1.3, HSMs, and customer-managed keys, then add CASB for SaaS control and SASE to bring ZTNA, FWaaS, and DLP to the edge where users actually work. Virtualization and containers deliver speed and density but expand the attack surface: VM escapes, snapshot theft, and poisoned images require hardened hypervisors, signed artifacts, private registries, secret management, and runtime policy. Hybrid and multi-cloud introduce inconsistent IAM and fragmented logging—centralized identity, unified SIEM, CSPM, and infrastructure-as-code guardrails bring discipline back.We wrap with the patterns attackers exploit—public storage exposure, stolen API keys, unencrypted backups, and supply chain compromises—and the operating principles that stop them: zero trust, verification over assumption, and automation that responds at machine speed. Stick around for four rapid Security+ practice questions to test your skills and cement the concepts.If this helped you study or sharpen your cloud strategy, follow and subscribe, share it with a teammate, and leave a quick review telling us which control you'll deploy first.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Les agents IA permettent aujourd'hui une "hyper-automatisation" des tâches en entreprise. C'est la mission que s'est fixée la startup française MindflowInterview : Evan Bourgouin, Directeur des opérations de MindflowL'hyper-automatisation agentique, concrètement, qu'est-ce que cela change pour les entreprises ?Nous automatisons les tâches répétitives dès qu'un humain, un ordinateur et un processus entrent en jeu. Beaucoup d'organisations utilisent déjà des services comme AWS, Microsoft Azure ou encore Salesforce et SAP, mais ces systèmes restent souvent isolés.Chez Mindflow, notre obsession, c'est l'intégration : connecter chaque service, chaque opération, au niveau le plus granulaire.Sur cette base, nous automatisons des processus dans la cybersécurité, l'IT ou les ressources humaines — par exemple l'onboarding d'un collaborateur, la création d'accès, de rôles, de comptes sur des outils comme Jira ou un CRM. Ce sont des tâches indispensables, mais pas celles où la valeur humaine est la plus forte.Quel est l'impact sur la cybersécurité et la charge des équipes ?Dans la cybersécurité, recevoir 100 alertes par jour sur un SIEM comme Splunk ou Microsoft Sentinel est devenu courant. Avec une équipe restreinte, une partie finit forcément par ne pas être traitée.Nous automatisons donc une part de ces réponses, tout en gardant l'humain dans la boucle.Cela change radicalement le quotidien : c'est un secteur où l'épuisement professionnel est très élevé. Les jeunes analystes arrivent et se font submerger par les tâches répétitives. En retirant cette charge, on leur permet de se concentrer sur l'analyse et la résolution de nouvelles menaces.Les utilisateurs vont du C-level jusqu'à l'alternant : chacun retrouve une capacité à créer, à améliorer son travail, en s'appuyant sur la plateforme.Automatisation ou agentique : comment expliquer la différence ?L'automatisation est déterministe : même input → même output.L'agentique, elle, adapte son comportement en fonction du contexte — par exemple une alerte différente sur ServiceNow ou une anomalie détectée dans un ERP. Mais on n'a pas besoin d'IA partout : certaines entreprises ne souhaitent pas envoyer leurs données dans des modèles d'IA pour des raisons de confidentialité.La vraie différence, c'est que nous avons résolu le problème de l'intégration, ce qui fait de Mindflow « l'IA du dernier kilomètre ». Une fois qu'on sait se connecter à AWS, Azure, Salesforce, Jira, un ERP ou un data lake, l'agent peut vraiment agir. Sans intégration, rien n'est possible.Comment une entreprise démarre-t-elle un projet d'automatisation ?Tout commence par une volonté interne et une culture favorable. Avec nos clients — souvent de grands groupes comme LVMH, Hermès, Thales ou Auchan — nous réalisons un état des lieux : où sont les goulots d'étranglement, quelles équipes sont surchargées, quels profils veulent devenir "builders".Une fois l'intégration réalisée, tout s'accélère. Les quick wins sont fréquemment dans la cyber, l'IT ou le support opérationnel, mais chaque entreprise a ses propres cas d'usage, même si elles utilisent parfois les mêmes outils.-----------♥️ Soutien : https://mondenumerique.info/don

All links and images can be found on CISO Series. Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast. In this episode: Understanding the fundamentals The grift of superficial expertise Hands-on experience matters  A vulnerability at the leadership level Huge thanks to our sponsor, Stellar Cyber By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.  

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

In this episode, Cliff Crosland, CEO & co-founder of Scanner.dev, shares his candid journey of trying (and initially failing) to build an in-house security data lake to replace an expensive traditional SIEM.Cliff explains the economic breaking point where scaling a SIEM became "more expensive than the entire budget for the engineering team". He details the technical challenges of moving terabytes of logs to S3 and the painful realization that querying them with Amazon Athena was slow and costly for security use cases .This episode is a deep dive into the evolution of logging architecture, from SQL-based legacy tools to the modern "messy" data lake that embraces full-text search on unstructured data. We discuss the "data engineering lift" required to build your own, the promise (and limitations) of Amazon Security Lake, and how AI agents are starting to automate detection engineering and schema management.Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cliff's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:25) Who is Cliff Crosford?(03:00) Why Teams Are Switching from SIEMs to Data Lakes(06:00) The "Black Hole" of S3 Logs: Cliff's First Failed Data Lake(07:30) The Engineering Lift: Do You Need a Data Engineer to Build a Lake?(11:00) Why Amazon Athena Failed for Security Investigations(14:20) The Danger of Dropping Logs to Save Costs(17:00) Misconceptions About Building Your Own Data Lake(19:00) The Evolution of Logging: From SQL to Full-Text Search(21:30) Is Amazon Security Lake the Answer? (OCSF & Custom Logs)(24:40) The Nightmare of Log Normalization & Custom Schemas(28:00) Why Future Tools Must Embrace "Messy" Logs(29:55) How AI Agents Are Automating Detection Engineering(35:45) Using AI to Monitor Schema Changes at Scale(39:45) Build vs. Buy: Does Your Security Team Need Data Engineers?(43:15) Fun Questions: Physics Simulations & Pumpkin Pie

Podcast: Simply ICS CyberEpisode: S2 E8: The Value of ICS & OT ExercisesPub date: 2025-11-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Simply ICS Cyber, Don and Tom welcome Sam Blaney, retired Chief Warrant Officer (CW3) from the Georgia National Guard and current cybersecurity professor at the University of North Georgia.Sam shares insights from his career building and leading Cyber Protection Team 170, his transition into teaching, and his continued work helping state and local governments strengthen cybersecurity.The conversation digs into Sam's recent experience coaching students at the Department of Energy CyberForce Competition, where the University of North Georgia team defended a simulated offshore drilling platform with both IT and OT components.Sam discusses what made the event realistic, how students approached identity and access management, OT network analysis, and what they learned about preparation, tooling, and industrial control system challenges.The group also explores:- Effective defense preparation for cyber competitions- Building and tuning SIEM tools for constrained environments- The value of exercises like CCDC and CyberShield- How multidisciplinary tabletops improve communication across organizations- The increasing role of AI in attack and defense, including the Anthropic AI-assisted malware research- Concerns about AI-driven automation, skill multiplier effects, and the importance of understanding fundamentalsResources:Sam Blaney: https://www.linkedin.com/in/samblaney65/University of North Georgia: https://ung.edu/DOE CyberForce Program: https://cyberforce.energy.gov/ US CyberCom: https://www.cybercom.mil/National Guard Cyber Defense Team: https://www.nationalguard.mil/Portals/31/Resources/Fact%20Sheets/Cyber%20Defense%20Team%202022.pdfNational Guard CyberShield: https://www.dvidshub.net/feature/CyberShield25Anthropic Malware Write-up: https://www.anthropic.com/news/disrupting-AI-espionage=========================

In this episode of the Humanitarian AI Today podcast, Siem Vaessen, CEO of Zimmerman and an IATI Governing Technical Board Member, and Sylvan Ridderinkhof, Data Engineer at Zimmerman, joined Brent Phillips to discuss the critical intersection of artificial intelligence, open data, and humanitarian collaboration amidst a rapidly changing and advancing landscape. Drawing on insights from the NetHope Summit, the guests highlighted a consensus that the sector must collaborate more closely around AI and open data sharing, a necessity largely driven by significant cuts in aid funding. Siem, Sylvan and Brent discussed Zimmerman's long-standing commitment to the International Aid Transparency Initiative (IATI), an open data sharing framework widely used by humanitarian organizations to share granular information on aid activities, transactions and results. The discussion delved into Zimmerman's work and its future roadmap, focusing on enhancing the usability and quality of IATI data and on simplifying the complex process of reporting aid activities through IATI. They touched on the launch of Zimmerman's updated AIDA (Aid Information Data Analytics) data platform and on other Zimmerman products and services tailored for the humanitarian aid and development communities and how they're looking at ways of leveraging AI to improve search capabilities and support data enrichment processes. They also however caution listeners on risks posed by AI adoption, capable of potentially impacting IATI data quality and usability. Because AI models and agents aren't natively trained to understand complex and subtle differences in ways that organizations report aid activities and publish their data, AI applications risk misinterpreting aid activity information. The use of AI applications to enhance and augment IATI data could add to these challenges, making complex, granular analysis of IATI data difficult or prone to misinterpretation without measures being taken to mitigate these risks . Ultimately, the guests stressed that the progress of humanitarian technology hinges not just on powerful tools but on responsible innovation and a greater commitment to collaboration, including actively engaging with local actors and organizations that may traditionally be excluded from technical discussions on uses of AI. Interview notes: https://humanitarianaitoday.medium.com/siem-vaessen-from-zimmerman-on-iati-collaboration-around-ai-and-the-development-aid-landscape-ebd36e0f20e9

How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game .The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?) . Grant talks about yje critical architectural components for regulated industries, including single-tenancy , bring-your-own-cloud (BYOC) for data sovereignty , and model portability.In this episode we will be comparing AI SOC to traditional MDRs and talking about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes .Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠Grant's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠(00:00) Introduction(02:00) Who is Grant Oviatt?(02:30) How to Establish Trust in an AI SOC for Regulated Environments(03:45) Explainability vs. Traceability: The Two Pillars of Trust(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC(09:00) From AI Skeptic to AI SOC Founder: What Changed? (10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces(12:30) What Regulated Bodies Expect from an AI SOC(13:30) Data Management: The Key for Regulated Industries (PII/PHI) (14:40) Why Point-in-Time Queries are Safer than a SIEM (15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services (16:20) Single-Tenant Architecture & No Training on Customer Data (17:40) Bring-Your-Own-Model: The Rise of Model Portability (19:20) AI SOC vs. MDR: Can it Replace Your Provider? (19:50) The 4-Minute Investigation: Speed & Custom Detections (21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)(23:10) Managing Model Drift & Updates(24:30) Why Prophet Avoids MCPs: The Lack of Auditability (26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)(27:40) The Future: From "Human in the Loop" to "Manager in the Loop" (28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed) (29:20) The Red Lines: What AI Shouldn't Automate (Yet) (30:20) The Problem with "Creative" AI Remediation(33:10) What AI SOC is Not Ready For (Risk Appetite)(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement) (37:40) Fun Questions: Iron Mans, Texas BBQ & SeafoodThank you to Prophet Security for sponsoring this episode.

Guests: Alexander Pabst, Deputy Group CISO, Allianz Lars Koenig,  Global Head of D&R, Allianz  Topics:  Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like?  Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for investigation or response? Agentic triage is only as good as the data it analyzes. From your perspective, what were the biggest challenges - and wins - in ensuring the data fidelity, freshness, and completeness in your SIEM to fuel reliable agent decisions? We've been talking about SOC automation for years, but this agentic wave feels different. As a deputy CISO, what was your primary, non-negotiable goal for the agent? Was it purely Mean Time to Respond (MTTR) reduction, or was the bigger strategic prize to fundamentally re-skill and uplevel your Tier 2/3 analysts by removing the low-value alert noise? As you built this out, were there any surprises along the way that left you shaking your head or laughing at the unexpected AI behaviors? We felt a major lack of proof - Anton kept asking for pudding - that any of the agentic SOC vendors we saw at RSA had actually achieved anything beyond hype! When it comes to your org, how are you measuring agent success?  What are the key metrics you are using right now? Resources: EP238 Google Lessons for Using AI Agents for Securing Our Enterprise EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP249 Data First: What Really Makes Your SOC 'AI Ready'? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog "How Google Does It: Building AI agents for cybersecurity and defense" blog Company annual report to look for risk "How to Win Friends and Influence People" by Dale Carnegie "Will It Make the Boat Go Faster?" book

In this episode of the Need to Know Podcast, we explore the evolving landscape of learning in the Microsoft Cloud ecosystem, with a spotlight on the SMB market. From the latest in Microsoft 365 Copilot innovations to critical cybersecurity updates and the end of CIAOPS Academy, this episode delivers essential insights for IT professionals and business leaders navigating the modern digital workplace. Resources Explore the tools, communities, and content mentioned in this episode: CIAOPS Need to Know Podcast: https://ciaops.podbean.com/  CIAOPS Blog: https://blog.ciaops.com/  CIAOPS Labs: https://blog.ciaopslabs.com/  CIAOPS Brief: https://blog.ciaops.com/tag/cia-brief/  Join the Teams Shared Channel: https://blog.ciaops.com/2022/07/29/join-my-teams-shared-channel/  CIAOPS Merch Store: https://my-store-c5d877-2.creator-spring.com/  Become a Patron: https://www.ciaopspatron.com/  Direct Support: https://ko-fi.com/ciaops  Get Your M365 Questions Answered: https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/  Test Your Microsoft 365 Speed: https://blog.ciaops.com/2025/07/21/test-your-microsoft-365-speed-in-seconds-for-free/  CIAOPS Email list - https://bit.ly/cia-email   Announcements Flight School: Mastering Copilot for IT Pros – https://blog.ciaops.com/2025/11/14/flight-school-mastering-copilot-for-it-pros/  Disabling Office Macros via ASR to Meet Essential Eight Requirements – https://blog.ciaops.com/2025/11/13/disabling-office-macros-via-asr-to-meet-essential-eight-requirements/  ASD OWA settings check script – https://blog.ciaops.com/2025/11/13/asd-owa-settings-check-script/  ASD Mailflow settings check script – https://blog.ciaops.com/2025/11/12/asd-mailflow-settings-check-sript/  CIAOPS Academy deprecation notification – https://blog.ciaops.com/2025/11/10/ciaops-academy-deprecation-notification/  Show Notes The next chapter of the Microsoft–OpenAI partnership – https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/ Automate with Workflows Agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=Vvk1ScZT-lo Introducing Researcher with Computer Use in Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-researcher-with-comput… Build apps in minutes with App Builder agent in Microsoft 365 Copilot (Frontier) – https://www.youtube.com/watch?v=v27H_R1ltB0 Microsoft 365 Copilot now enables you to build apps and workflows – https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you Introducing Teams Mode for Microsoft 365 Copilot – https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-teams-mode-for-microso… Introducing MAI-Image-1, debuting in the top 10 on LMArena – https://microsoft.ai/news/introducing-mai-image-1-debuting-in-the-top-10-on-lmarena/ Building human-centric security skills for AI – https://techcommunity.microsoft.com/blog/microsoftlearnblog/building-human-centric-security-skills-… GenAI vs Cyber Threats: Why GenAI Powered Unified SecOps Wins – https://techcommunity.microsoft.com/blog/microsoft-security-blog/genai-vs-cyber-threats-why-genai-p… What's new in Microsoft 365 Copilot | October 2025 – https://techcommunity.microsoft.com/blog/Microsoft365CopilotBlog/what%E2%80%99s-new-in-microsoft-36… The 5 generative AI security threats you need to know about detailed in new e-book – https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-n… SharePoint Showcase highlights: Smarter Copilot responses using metadata with the Knowledge Agent – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/sharepoint-showcase-highlights-sma… Work smarter with Copilot in the People, Files, and Calendar apps – https://techcommunity.microsoft.com/blog/microsoft365insiderblog/work-smarter-with-copilot-in-the-p… The weakest link: Stolen staff passwords now the biggest cyber threat to workplaces – https://www.smh.com.au/politics/federal/the-weakest-link-stolen-staff-passwords-now-the-biggest-cyb… Cyber security priorities for boards of directors 2025-26 – https://www.cyber.gov.au/business-government/protecting-business-leaders/cyber-security-for-busines… Secure external attachments with Purview encryption – https://techcommunity.microsoft.com/blog/azurepurviewblog/secure-external-attachments-with-purview-… What's New in Microsoft Intune: October 2025 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune… Custom detections are now the unified experience for creating detections in Microsoft Defender – https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/custom-detections-are-now-th… 10 ways Microsoft Intune supports a smooth upgrade to Windows 11 – https://techcommunity.microsoft.com/blog/microsoftintuneblog/10-ways-microsoft-intune-supports-a-sm… How Windows 11 and AI are transforming the future of work – https://techcommunity.microsoft.com/blog/windows-itpro-blog/how-windows-11-and-ai-are-transforming-… Security Copilot Agents: The New Era of AI, Driven Cyber Defense – https://techcommunity.microsoft.com/blog/microsoft-security-blog/security-copilot-agents-the-new-er… 6 truths about migrating Microsoft Sentinel to the Defender portal – https://techcommunity.microsoft.com/blog/microsoftsentinelblog/6-truths-about-migrating-microsoft-s… Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM – https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartn… Extortion and ransomware drive over half of cyberattacks – https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/ Microsoft 365 Insider Round-Up: October 2025 – https://www.linkedin.com/pulse/microsoft-365-insider-round-up-october-2025-microsoft-365-insider-ub… Making every Windows 11 PC an AI PC – https://blogs.windows.com/windowsexperience/2025/10/16/making-every-windows-11-pc-an-ai-pc/ Microsoft raises the bar: A smarter way to measure AI for cybersecurity – https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-… Building a lasting security culture at Microsoft – https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-mic… Satya – My annual letter: Thinking in decades, executing in quarters – https://www.linkedin.com/pulse/my-annual-letter-thinking-decades-executing-quarters-satya-nadella-7…

When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC AnalystMonzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors.Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate.The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms.Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization.For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise.The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. As Merza puts it, the new normal is no normalization—just real work, done better.Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdkLearn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.GUESTMonzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/RESOURCESLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglBrand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Spotlight Brand Story: https://www.studioc60.com/content-creation#spotlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng Topics: Are we really coming  to "access to security data" and away from "centralizing the data"? How to detect without the same storage for all logs? Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon? Tell us about the issues with log pipelines in the past? What about enrichment? Why do it in a pipeline, and not in a SIEM? We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer? Do you have a piece of advice for people who want to do more than save on their SIEM costs? Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines Axoflow podcast and Anton on it "Decoupled SIEM: Where I Think We Are Now?" blog "Decoupled SIEM: Brilliant or Stupid?" blog "Output-driven SIEM — 13 years later" blog

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast.Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately . The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection .This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".Guest Socials -⁠ ⁠⁠⁠⁠⁠Ariful's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠Questions asked:(00:00) Introduction(02:30) Who is Ariful Huq?(03:40) Can You Just Use Claude Code to Build an AI SOC?(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs(08:15) The Importance of Data: Beyond Logs to Config, Code & Context(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges(17:20) Why SIEM Might Not Be Good Enough Anymore(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)(31:40) Building Trust & Transparency in AI SOCs(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer(42:15) Final Questions: Running, Family, and Turkish Food

In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over.  Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Support the show

"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management.Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.Guest Socials -⁠ ⁠⁠⁠Allie's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security PodcastQuestions asked:(00:00) Introduction(02:35) Who is Allie Mellen?(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup(06:20) The Rise of Security Data Lakes & Data Pipeline Tools(09:20) A "Great Reset" is Coming for the SOC(10:30) Why the L1/L2/L3 Model is a Burnout Machine(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"(17:10) Using AI Hallucinations as a Feature for New Detections(18:30) AI in the SOC: Separating Hype from Reality(22:30) What is "Agentic AI" (and Are We There Yet?)(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge(28:10) The Critical Role of Observability Data for AI Security(31:30) Are SOC Teams Actually Using AI Today?(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill(39:20) The 3 Things to Look for When Buying Security AI Tools(41:40) Final Questions: Reading, Cooking, and SushiResources:You can read Allie's blogs here

October is Cybersecurity awareness month. Get ready to explore the imperative of cyber resiliency in today's digital landscape, focusing on strategies for robust data infrastructures and shared responsibility to plan and recover from cyber attacks. Join Pure Storage cyber experts Scott Taylor and Jason Walker as they delve into the critical aspects of cyber resilience. Learn best practices around how to prepare your organization for potential threats, respond effectively during an attack, and recover swiftly to maintain business continuity. We explore essential hygiene factors, the role of SIEM technology, and the importance of a layered resilience strategy, including insights from key alliance partners like Varonis and Superna. We also cover ways that Pure Storage empowers users to withstand cyberattacks and accelerate both cyber and disaster recovery. Hear best practices on how to protect data from ransomware and cyber threats through high-performance, layered resilience, robust data security and immutability, and seamless security integrations. Scott and Jason also tackle common myths and misconceptions about cyber resilience, providing actionable advice to help IT leaders identify and address blind spots. Tune in for hot takes on industry trends and a "Storage Confessions" segment where listeners can share their own screw-up stories.

"I think the biggest trap to potentially fall into is, "Hey, it's moving so fast, so much is changing. Let's just wait it out." Completely the wrong approach. You just gotta get started." Nick Eayrs from Databricks "As tech people within the shipping industry, how do we explain, how do we make it accessible to all our users? So that's where we came up with the idea of a data supermarket, with in mind really the target of enabling self-service for our business. So by giving the analogy of a supermarket, it was much easier at the beginning to explain our business." - Simon Fassot from Hafnia Fresh out of the studio, Nick Eayrs, Vice President of Field Engineering for Asia Pacific and Japan at Databricks, and Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia, join us to explore how data intelligence is transforming enterprise AI across diverse industries in Asia. Nick explained the fundamental distinction between general intelligence and data intelligence - emphasizing how enterprises gain competitive advantage by training AI on their proprietary data rather than public knowledge. Nick showcased customer success stories including Standard Chartered Bank and TechComBank and shared his perspectives on how senior executives can take advantage of AI by moving fast rather than wait and see. Last but not least, Nick offered what great would look like for Databricks in Asia Pacific and Japan in serving their customers. Adding the lens of the customer, Simon shared Hafnia's transformation from legacy SQL Server systems to a unified Databricks architecture serving their global shipping operations and elaborated on how the company is breaking down silos with their data supermarket and "Marvis" AI copilot for maritime operations based on retrieval augmented generation. This is Part 1 from Databricks Data + AI Event Singapore.  Episode Highlights: [00:00] QOTD by Nick Eayrs and Simon Fassot [00:49] Introduction: Nick Eayrs from Databricks [03:32] Customer obsession means deeply understanding their business context [05:22] Data intelligence versus artificial general intelligence explanation begins [06:42] AI trained on your data creates competitive advantage [08:17] Only 15% of companies have correct AI infrastructure ready [11:17] Don't wait for AI perfection, just get started now [12:30] Agent Bricks simplify AI development using natural language [13:49] Standard Chartered Bank cybersecurity use case with SIEM [16:22] TechCom Bank in Vietnam customer brain with 12,000 customer attributes [18:32] Shared responsibility model for ethical AI deployment [25:24] Asia Pacific psychology focuses on future, not past [26:28] Most important question: How do you get started? [30:18] What does great look like for Databricks? [33:16] Introduction: Simon Fassot from Hafnia [35:18] How Hafnia transformed to full cloud architecture centralizes data through Databricks [36:28] Self-service access needed for 300 onshore, 4000 vessel employees [37:00] Three user types: operations, business intelligence, domain experts and Use Cases for Hafnia [41:32] Unity catalog controls data quality for AI cases [42:21] Two-phase Gen AI: ingest unstructured, then consume data [44:25] How to implement Generative AI: One bad AI answer loses all user trust [45:31] How reports in Hafnia use RAG embedded in workflows [46:47] Data supermarket analogy simplifies self-service for business [48:39] Marvis AI personalizes Gen AI within company context [49:46] Neo4j partnership adds graph capabilities to ecosystem [53:33] DNA Port platform unifies scattered dashboards and applications [54:22] Databricks enables focus on business value over operations Profiles: Nick Eayrs, Vice President of Field Engineering, Asia Pacific & Japan at Databricks LinkedIn: https://www.linkedin.com/in/nick-eayrs/ Simon Fassot, General Manager and Head of Global Data and Analytics at Hafnia LinkedIn: https://www.linkedin.com/in/simon-fassot-68b95135/ Podcast Information: Bernard Leong hosts and produces the show. The proper credits for the intro and end music are "Energetic Sports Drive." G. Thomas Craig mixed and edited the episode in both video and audio format. Here are the links to watch or listen to our podcast. Analyse Asia Main Site: https://analyse.asia Analyse Asia Spotify: https://open.spotify.com/show/1kkRwzRZa4JCICr2vm0vGl Analyse Asia Apple Podcasts: https://podcasts.apple.com/us/podcast/analyse-asia-with-bernard-leong/id914868245 Analyse Asia LinkedIn: https://www.linkedin.com/company/analyse-asia/ Analyse Asia X (formerly known as Twitter): https://twitter.com/analyseasia Sign Up for Our This Week in Asia Newsletter: https://www.analyse.asia/#/portal/signup Subscribe Newsletter on LinkedIn https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7149559878934540288

DShield SIEM Docker Updates Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276 Again: Sonicwall SSL VPN Compromises The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia Website Keystroke Logging Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825